Skip to main content

Documentation

Technical Documentation

Protocol specification, schema reference, and implementation resources for Cryptographic Runtime Governance and Attested Governance Artifacts.

Architecture

Technology Overview

Three-layer enforcement architecture: static policy, behavioral drift detection, and phantom execution. Receipt flow, evidence bundles, and five-step verification.

Explore

Compliance

Control Mappings

NIST AI RMF, SSDF, and SP 800-53 control mappings with evidence field references.

Explore

Source

Reference Implementation

TypeScript MCP gateway and Python SDK with cross-language test vectors.

View on npm

Legal

Patent Claims

USPTO Application No. 19/433,835. 20 claims, 3 independent.

Explore

Trust

Trust and Scope

What evidence bundles prove, what they do not, and the trust assumptions.

Explore

Reference

Glossary

Key terms: receipts, bundles, chains, Merkle proofs.

Explore
DEVELOPER GUIDE

Get Started

Install the Python SDK, generate governance receipts, and verify evidence bundles.

Install the Python SDK

terminal
pip install aga-governance

Single dependency: PyNaCl (Ed25519 signatures). Python 3.9+.

Record Tool Calls

session.py
from aga import AgentSession

with AgentSession(gateway_id="my-gateway") as session:
    # Record each tool call decision
    session.record_tool_call(
        tool_name="read_file",
        decision="PERMITTED",
        reason="path within allowed prefix",
        request_id="req-001",
        arguments={"path": "/data/report.csv"},
    )
    session.record_tool_call(
        tool_name="write_file",
        decision="DENIED",
        reason="path outside allowed prefix",
        request_id="req-002",
        arguments={"path": "/etc/shadow"},
    )

    # Export and verify
    bundle = session.export_bundle()
    result = session.verify()
    print(f"Valid: {result['overall_valid']}")  # True

Verify a Bundle

terminal
# CLI verification
python -m aga verify evidence-bundle.json

# Python API
from aga import verify_bundle_file
result = verify_bundle_file("evidence-bundle.json")
print(result["overall_valid"])  # True

Verification is offline. No network, certificates, or external services required.

MCP Gateway Proxy

terminal
# The MCP gateway sits between AI agents and tool providers.
# Every tool call is intercepted, evaluated against policy,
# and recorded as a signed governance receipt.

# Verify a gateway-produced evidence bundle:
curl -s https://aga-mcp-gateway.attestedintelligence.workers.dev/bundle \
  | python -m aga verify -

Cross-Language Test Vectors

64 test vectors across 9 categories ensure byte-for-byte compatibility between Python, TypeScript, Go, and independent verifier implementations. Covers canonicalization (RFC 8785), Ed25519 signatures, SHA-256 hashing, timestamp normalization, receipt signing, chain linking, and Merkle tree construction.

Vectors are published in the AGA MCP Server package.